Cisco 1121 unit installed with ACS 4.2 SE version
Hi all
Sorry, we could install version to 4.2 on the Cisco 1121 device acs?
Could we use 1120 ACS 4.2 image DVD to install on 1121?
Or any workaround?
THX!
Calvin Su
Hi Calvin,
Unfortunately, 1121 hardware doesn't support version 4.2.0 acs so downgrade is not an option for 1121. It can only be used with ACS 5.x
Kind regards
Jousset
The rate of useful messages-
Tags: Cisco Security
Similar Questions
-
Permission of AAA with ACS Shell-games
Hi all
I use a router cisco 871 running that version 12.4 (11) T advanced IP Services.
I have difficulty getting permission to AAA to work properly with ACS.
I am able to configure ACS fine users and assign them shell and private level 7.
I then install a set of Shell Auth and enter the issuance of orders and configure.
When I log in as a user, I get an exec with a level of 7 priv no problem, but I never seem to be able to
to access global configuration mode by typing in conf (or set up) terminal or t.
If I type con? It is the only command connect, configure is never an option...
The only way I can get this to work is by entering the command:
privilege exec level 7 Configure terminal
I thought the whole purpose of the ACS Shell Set to provide this information to the router?
It's frustrating
The ACS server is set up with the Shell Set named Level_7 order authorization
It is attributed to the relevant groups and I have the 'Unmatched orders' option selected in the 'license '.
The "unmatched Args allowed" is also selected.
See an extract of my IOS config below:
AAA new-model
!
!
AAA group Ganymede Server + ACS
Server 10.90.0.11
!
AAA authentication login default group local ACS
AAA authorization exec default group ACS
AAA authorization commands 7 by default local ACS group
!
Cisco radius-server host 10.90.0.11 keys
!
!
privilege exec level 7 Configure terminal
privilege exec level 7 set up
privilege exec level 7 show running-config
privileges exec level 7 show
!
Hope you can help me with this one...
PS I tried with orders of privilege on the router and remove the router and just keep getting the same results!
Hello
So now,
You're actually using two different options and trying to couple then together. What I would say is you either use authorization Command Shell function or play with level privileges. Not mixed together both.
Above scenario might work, if you move orders to focus on level 6 and give the 7 user privilege level. He couldn't be sure. Try it and share the results.
That's what I suggest that orders back to a normal level.
Provided below are the steps to set up the shell command authorization:
-------------------------------------------
Follow these steps on the router:
-------------------------------------------
! - is the desired username
! - is the password
! create - us a local user name and password
! - in case we are not able to get authenticated via
! - our Ganymede server +. To provide a backdoor.
password username 15 privilege
! - To apply the aaa on the router model
AAA new-model
! - Following command is to specify our ACS
! - location of the server, where is the
! - ip address of the ACS server. And
! - is the key which must be the same during the FAC and the router.
radius-server host key
! - To get the authentication of users through ACS, when they try to log - in
! - If our router is unable to join the ACS, we will use
! - our local user name & the password that we created above. This
! - we prevent locking.
AAA authentication login default group Ganymede + local
AAA authorization exec default group Ganymede + local
AAA authorization config-commands
AAA authorization commands 0 default group Ganymede + local
AAA authorization commands 1 default group Ganymede + local
AAA authorization commands 15 default group Ganymede + local
! - Sequence of commands are for posting to the activity of the user.
! - When the user connects to the device.
AAA accounting exec default start-stop Ganymede group.
AAA accounting system default start-stop Ganymede group.
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 1 by default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
--------------------
ACS configuration
--------------------
[1] Goto 'Profile components shared' a-> 'Shell command authorization sets'-> 'Add '.
Provide any name at all.
provide sufficient description (if necessary)
(a) for full administrative access set.
In the unmatched controls, select 'allow '.
(b) for all access limited.
In the unmatched controls, select "decline."
And in the field above 'Add a command' box, type in the box below and the main command "permit unmatched Args" Order under allow.
For example: If we want the user to only have access to the following commads:
opening of session
Logout
output
Enable
Disable
Show
Then, the configuration should be:
-----------------------------------------------
-Allowed unparalleled Args.
-----------------------------------------------
connection permit
permit disconnection
exit permits
Select the permit
disable the permit
license terminal configuration
ethernet interface license
permits 0
to see the running-config
------------------------------------------------
in example above, user will be allowed to run only from commands. If the user tries to run the interface ethernet 1', the user will get "failed command authorization.
[2] press 'submit '.
[3] Goto Group on which we want to apply these command authorization set. Select 'change settings '.
(more...)
-
Authentication EAP - TLS with ACS 5.2
Hi all
I have question on EAP - TLS with ACS 5.2.
If I want to implement the EAP - TLS with Microsoft CA, how authentication computer and user will be held?
Understand that the cert is required on the client and the server end, but is this certificate to the computer links or links to individual users?
If the links to the user, and I have a shared PC connection by few users, is that each user account will have their own certificates?
And each individual user will have to manually get the CA cert? is there another method that my environment has more than 3000 PCs.
And also if it binds to the user, any user can get their CA cert with their AD username and password, if they bring in their own device and try to get the CA certificate, they will be able to properly install the cert in their device on the right?
I hope you guys can help with that. Thank you.
Hope this will answer most of your questions:
Client certificate or user
http://www.Cisco.com/en/us/Partner/Tech/tk59/technologies_tech_note09186a00804b976b.shtml#T10
Computer certificate
http://www.Cisco.com/en/us/Partner/Tech/tk59/technologies_tech_note09186a00804b976b.shtml#T15
In the case of EAP - TLS we have the certificate of computer and user installed on the machines.
Kind regards
Jousset
The rate of useful messages-
-
My CD/DVGW device stop working after iTunes was installed with Apple records.
My CD/DVGW stop working after you install the program iTunes with Apple records. The letter (e) are attributed to him does not appear in computer (Windows Vista Home Premium), as it was before. Every time the PC is switched on or reboot, a message from Apple saying "AppleSyncNotifier.exe point of entry is not found. The procedure entry point sqlite3_prepare_v2 could not be found in the dynamic library SQLite3.dll. "The HP device proves that this CDROM works. iTunes has been removed, but the apple files are still there. Driver Detective advised to remove the filters from the registry. Only the filters 'less' appeared and has been deleted. This does not solve the problem. Should I delete all Apple records that have been installed with iTunes? This will damage other programs? Reinstall the driver for this device does not resolve the problem. ! yellow sign keeps appearing in the parity for this device handler. Systen restore does not a remote date just to put it as he was back. Can someone help, please?
Hello
Having too many competing programs from loading at startup CD/DVD can cause these problems.
Deleted? Or did you correctly uninstall iTunes? Check with iTunes support for complete hair removal methods.
---------------------------------------------------------------------------------------------------------------------------------------
Step 1: Please do all the same underneath if you did some before as is often total
a process that solves the problem.Try this - Panel - Device Manager - CD/DVD - double click on the device - driver tab.
Click on update drivers (this will probably do nothing) - RIGHT click ON the drive - uninstall.
RESTART this will refresh the default driver stack. Even if the reader does not appear to continue
below.
Then, work your way through these - don't forget the drive might be bad, could be a coward
cable or slight corrosion on the contacts (usually for a laptop) and other issues.Your CD or DVD drive is missing or is not recognized by Windows or other programs
http://support.microsoft.com/kb/314060 - a Mr FixitTry this fix manually if the Fixit 314060 does not work
http://www.pchell.com/hardware/cd_drive_error_code_39.shtmlYour CD or DVD drive is missing or is not recognized by Windows or other programs-
a Mr Fixit
http://support.Microsoft.com/kb/982116The CD drive or the DVD drive does not work as expected on a computer that you upgraded to
for Windows Vista
http://support.Microsoft.com/kb/929461When you insert a CD or a DVD, Windows Vista may not recognize the disc
http://support.Microsoft.com/kb/939052Your CD or DVD drive cannot read or write media - A Mr Fixit
http://support.Microsoft.com/GP/cd_dvd_drive_problemsCD/DVD drive does not appear in Windows Vista, or you receive this error in Windows
Vista installation after booting from the DVD (AHCI)
http://support.Microsoft.com/kb/952951
Drive CD - R or CD - RW Drive is not recognized as a recordable device
http://support.Microsoft.com/kb/316529/Hardware devices not detected or not working - A Mr Fixit
http://support.Microsoft.com/GP/hardware_device_problemsAnother possibility is that the cables are loose. Remove ALL power, then make sure that the cables in both
ends. Remove and replace, do not just tight. For laptops, you can often clean power and
contacts data with a pencil eraser.Some DVD players do not use the Windows default drivers so check with the manufacturer of system and
manufacturer of device to see if there is a firmware or drivers for your drive if necessary.===============================
Step 2: You have disc problems as the CD/DVD is actually 4 discs in 1 case (CD & DVD
Burn and CD and DVD read). So it is not unusual for 1 or 2 operational so that other parts
do it right.Did you follow the Troubleshooting Guide for the reader who still does not work? There are
the entries in registry that the troubleshooter does not solve and those who "might" be the cause.Check with your Maker system and a device for the two possible firmware updates and
the correct registry entries for your car.Here are the keys that I of course are those in question - for the subkeys of the CD/DVD drive
as there will be other subkeys in these keys. Do not forget to ask specific keys involved as well as
the parameters.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\IDE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\ {4D36E965-E325-11CE-BFC1-08002BE10318}
-----------------------------------------------------------------------
You can probably find more info here and maybe even the exact registry for your CD/DVD settings
drive from someone with the same model.Forums - a lot of expert real help
http://Club.myce.com/CD/DVD units
http://www.myce.com/storage/Use DevManView to locate the CD/DVD in the registry (be careful and do a prior Restore Point)
nothing change) - find the DevManView device and then make a right click on it free in RegEdit.DevManView - free - an alternative to the standard Windows Device Manager, which displays all the
devices and their properties in flat table, instead of the tree viewer
http://www.NirSoft.NET/utils/device_manager_view.htmlI hope this helps.
Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle="" -="" mark="" twain="" said="" it="">->
-
Cisco Firepower 4110 Clustering with ASA and DFT
Hi all
We have a pair of Cisco 4110 firepower devices and have them clustered for the ASA Security Module.
There seems to be no option to add an additional logical device for the threat of fire power defence Module, so can only assume this is not supported in an active/active state.
More on the SAA Module there is no tab of remote access VPN Configuration.
So my question is how to incorporate the functionality of defense threat in the ASA, I suppose that this would be by the engine unloading in the advanced settings, but requires the SAA be in Active mode / standby and the power of fire threat defense logical device will be available?
Second question is it would have been better buy the Cisco ASA 5585 X with the Module of firepower in support of all the regular features of the SAA as well as traffic inspection unloading to the module of firepower?
I found some documentation on the Cisco site, but tend to lose sight of where the reference to FTD and not be supported of the Clustering or RAS VPN not supported by ASA or FXOS docs, so I was hoping for some insight on here.
Appreciate any clarity around the support of devices 4110 of the firepower and configuration of the FTD and ASA combines the features supported.
We run ASA v9.6 (2) and FXOS 2.0.1 (86).
Thanks in advance.
Mark
On a firepower 4100 Series chassis, you can run a single logical unit. Several logical devices are supported only on the 9300 firepower that supports up to 3 modules of security.
So choosing between types of module ASA and DFT (or technically you can also deploy the RADware vDefense Pro but it is mainly for service providers).
One or the other and never the two.
The module of the SAA supports remote access VPN over 4110 of firepower. I put one in place personally nothing this month. Have you recorded the chassis with the smart licence and applied ASA licenses (basic an and 3DES / AES)?
The ASA modules take supported the HA and inter-chassis clustering on the 4100 series hardware.
If you run picture FTD, there is currently no support for remote access VPN. It is a high priority position of roadmap for a future version (post - 6.2). FTD does not currently support the chassis inter cluster but that should be in version 6.2.
-
Cisco router restarts randomly with Bus error
Cisco router restarts randomly with the following error:
System has been restarted by error of bus to PC 0x4183614C, speech 0 x 95848 at 09:30:28 UTC Tuesday, April 23, 2013
I've pasted below see the chimneys and release the version.
view the stacks
Minimum factory chimneys:
Format name / free
5396/6000 inspect Init Msg
Subsystem SPAN 5368/6000
58920/60000 EEM Auto record Proc
Automatic start of 4772/6000 upgrade process
DIB 5164/6000 error message
HAND OF SASL 5396/6000
4968/6000 LICENSE DEFAULT AGENT
5368/12000 Init
4216/6000 update prst
4384/6000 VPN_HW_MIB_CREATION
5188/6000 RADIUS INITCONFIG
Update process random rom 2128/3000
8356/12000 SSH process
Stats URPF 5316/6000
Interruption of battery level:
Level named format / unused
Network interfaces 1 1484828 6284/9000
2 3264990 8548/9000 DMA/Timer Interrupt
3 1 8388/9000 PA Int management Manager
Console 4 115 8612/9000 Uart
External interrupt 5 0 9000/9000
NMI 7 223352 8564/9000 interrupt handler
Spurious interrupts: 11
System has been restarted by error of bus to PC 0x4183614C, speech 0 x 95848 at 09:30:28 UTC Tuesday, April 23, 2013
Software of 2800 (C2800NM-ADVSECURITYK9-M), Version 12.4 (24) T, RELEASE SOFTWARE (fc1)
Technical support: http://www.cisco.com/techsupport
Updated Thursday 25 February 09 17:55 by prod_rel_team
Image text-base: 0 x 40011240, database: 0x42B41940
The failure of the system stack trace:
FP: 0X472252B8, RA: 0X4183614C
FP: 0 X 47225310, RA: 0X418312F8
FP: 0 X 47225348, RA: 0X41647DC0
FP: 0X472253A8, RA: 0X4164A8F4
FP: 0 X 47225428, RA: 0X4164B248
See the version
Cisco IOS software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4 (24) T, RELEASE SOFTWARE (fc1)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Updated Thursday 25 February 09 17:55 by prod_rel_team
ROM: System Bootstrap, Version 12.4 (1r) [hqluong 1r], RELEASE SOFTWARE (fc1)
availability of Cisco is 28 minutes
System returned to ROM by bus to the 0x4183614C PC error, address 0 x 95848 at 09:30:28 UTC Tuesday, April 23, 2013
System image file is "flash: c2800nm-advsecurityk9 - mz.124 - 24.T.bin".
This product contains cryptographic features and is under the United States
States and local laws governing the import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third party approval to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. laws and local countries. By using this product you
agree to comply with the regulations and laws in force. If you are unable
to satisfy the United States and local laws, return the product.
A summary of U.S. laws governing Cisco cryptographic products to:
http://www.Cisco.com/WWL/export/crypto/tool/stqrg.html
If you need assistance please contact us by mail at
Cisco 2821 (revision 53.51) with 1036288K / 12288K bytes of memory.
Card processor ID FCZ1017732F
2 gigabit Ethernet interfaces
2 modules of virtual private network (VPN)
Configuration of DRAM is wide with parity 64-bit capable.
239K bytes of non-volatile configuration memory.
250880K bytes of ATA CompactFlash (read/write)
Configuration register is 0 x 2102
You want to use the tool interpreter of output for this work:
http://www.Cisco.com/pcgi-bin/support/OutputInterpreter/home.p
For more information about the resolution of crashes, see this article:
http://www.Cisco.com/en/us/products/HW/IAD/ps397/products_tech_note09186a00800b4447.shtml
In this case, it looks like CSCsy09250, described here:
http://www.Cisco.com/en/us/products/CSA/Cisco-SA-20100324-SCCP.html
You should contact Cisco for the software updated by following the instructions of this bulletin.
That crash possibly caused by part of sone intentionally sends out packets malformed to your device, so if you have reason to believe that someone in your community could run metasploit or similar "Penetration Testing" tools, you can look into that as well.
-
Admin Auth LMS with ACS 5.3
Hey people, I need to integrate LMS4 with ACS 5.x for LMS user auth. 2 roles are necessary, Admin and monitor. Y at - it all Documentation, example Configuration, or other useful information? Any help welcome.
Best regards, Michael
Hi Michael,
Perhaps these threads will give you enough details:
https://supportforums.Cisco.com/message/3484567
Best regards
André
-
I have windows 7 installed with boot camp.
I have Windows 7 installed with boot camp and use it for some financial software and games. Is this compatible with El Capitan Win7 installation, if I update? Thank you
Yes. Please check that you have backups and disk not resized/re-partitioned, before the upgrade of the El Capitan. In addition, create a Windows system restore point before the upgrade.
-
Please help this driving me Mad
Since the installation of Firefox 20.0.1. on my MS Windows 7 Toshiba Laptop there was a box in the center of my screen titled "progress install < with a bar running below green growth."
Firefox 20.0.1 (FF) works very well and I can drag the box of progress on my screen to my heart's content. Although there no small cross at the top right I can get rid of him by my mouse over the icon (ff), pinned to taskbar program in hover. This gives me a box of progress of installation with small cross, click and his party. That is until I got close and restart (ff) and back it comes in the middle of the screen. I tried to get rid of it through CTRL-ALT-DEL Task Manager, but even once, it reappears on start up (FF) I also stripped (ff) of my machine, once using widows uninstall/change of MS program features and for the second time by using third-party software as soon as I reinstall (ff) new same old problem.
Thank you
Cordially FenfollyStart Firefox in Safe Mode to check if one of the extensions (Firefox/tools > Modules > Extensions) or if hardware acceleration is the cause of the problem (switch to the DEFAULT theme: Firefox/tools > Modules > appearance).
- Do NOT click on the reset button on the startup window Mode safe or make changes.
-
remove the new toolbar (with Bing, MSN celebrities, etc.) installed with 3.6.3
This has happened
Each time Firefox opened
is downloaded 3.6.3
Firefox does not come with the Bing toolbar. Another program that you have installed delivered the Bing toolbar and added to Firefox.
If you can find the Bing toolbar in Add/Remove Programs, uninstall it from there.
Otherwise search for the toolbar in tools-> Modules-> Extensions in the Firefox menu bar and uninstall or disable.
It can be named Research Assistant or Search Toolbar 1.04.
See this thread for other possibilities: https://support.mozilla.com/en-US/forum/1/531033
If you are using help-> information on troubleshooting and the button copy to the Clipboard to paste here troubleshooting information, I can help you identify the culprit.
-
El Capitan installed with problems
Hi people,
I just installed El Capitan of Snow Leopard 10.6.8. Everything seemed okay... until I opened the first application, which is a PDF file. I tried to close the new Acrobat 8 pro installed with El Capitan, but it does not close and the screenshot stays on the screen. I tried to reinstall El Capitan again on the app store and when its done, it won't restart my computer, like Acrobat does not close. It will not force me to leave or the other. I pulled the plug on the wall and turned back on to find that the Acrobat is still healing. Any suggestions?
PS: my mouse now scrolls the contrary somewhere else :/ I have to scroll to the top to make the page down?
IM on a 24 "early 2009 Imac, 2.93 GHz Intel Core 2 Duo processor, 4 GB memory
Thank you very much
El Capitan does not install Acrobat of any kind. Do you mean that you installed when you installed El Capitan or did you update the version that you had already installed before installing El Capitan?
Your screenshots are not displayed to me what happens regularly here.
The scrolling direction has been changed while you push the content around the page, does not move the little thumb in the scroll bar. It shouldn't take more than a few hours to get used to. If this isn't the case, you can enable in the preferences of the mouse or Trackpad.
-
I have an installed with real-time PXI-8109 module. Displays the indicator USER1?
Hi all
I have an installed with real-time PXI-8109 module.
USER1 indicator LED displays on the Panel?
Thank you
The LEDs of the user are the indicators that you can control programmatically if needed be.
-Jayk
-
Applications installed with device drivers OR
I bought a few applications that have been written entirely in LabVIEW that also use data acquisition OR PXI cards. Before the installation, I installed the drivers of devices OR newer. I discovered that more than 70 applications installed with the drivers. Where can I learn what do each of these applications? I need this information because, in order for me to install device drivers OR on my networked computers, I need to know what my local network vulnerabilities could be introduced with these applications. If anyone can help? I enclose a list of executables (*.exe) installed in the C:\Program NIUninstaller Instruments\ folder only.
Hi USAARL.
I follow with you on a private message. As mentioned, we have what you ask because well documented right now, it's something we will address actively. We are having this type of information will be documented and available to all users soon. Please, followed in the manner specified in the private message.
-
Multisim update fails to install with error.
The regular update fails to install with error: an error occurred in the installation of an update. If this error persists contact technical support OR. It comes to Multisim.
How can this be repaired?
Thank you
Multisim is different to the discussion forum... Please post there is http://forums.ni.com/t5/Circuit-Design-Suite-Multisim/bd-p/370
It will help you get a better answer...
Best regards
H S
-
Warning could not cancel install with error 80070057
Installed upgrading windows on my Windows server 2008 and after that 1 day download and installation to date is an error message indicating that
Warning could not cancel install with error 80070057
warning do not cancel the installation in class HR = 80070057
Original title: it Manager
This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)*
Maybe you are looking for
-
Automator to mark the complete reminder?
I have a process every night (Monday to Friday) who writes a file in a specific DropBox folder when it is complete. What I'm trying to make, came with a "watchdog" to let me know when it happened. My thought was to create a periodic for each night of
-
Software not implemented fingerprint reader
I can't configure simplepass fingerprint reader software. I tried the HP Center utility icon. It doesn't do anything. I "ve also tried each executable file in the folder of the program simple and none of them pass doesn't make something else that tra
-
HP pavilion dv7 forgot bios password key: 11496963 please help
I forgot my password. Im trying to get into the BIOS Setup. Someone help please. It says enter unlock password (key: 11496963) it came with windows Vista, upgrade to windows 7 ultimate
-
Update the BIOS on the current version of the envy 15-1060ea is F05 10/2009
I am wanting to update bios on envy 15-1060ea current version 10/2009 F05, is the F.26A 04/2010 latest update and it'll work? + Can I install updates latest according to available F.2BA current 10/2010? on this site
-
Windows XP Media Center Version 2002 Service Pack 3 - service print spooler stopped
I recently ran a registry repair program to try to remove a virus from my computer, and the next time I tried to print, I received the error message. When I go into my control panel for printers & faxes, there is no printer listed. My computer will